I added this to web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>login page</web-resource-name>
<description></description>
<url-pattern>/login</url-pattern>
<http-method>
GET</http-method>
<http-method>
POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
This did not work. System hangs. Never brings up the login form. The
examples I've seen don't do this. I don't think that you have to. I do
know this. From the debug log I am still using the standard
RequestProcessor, not the SecureRequestProcessor. I do I change this class
to use the correct one for the sslext technique.
-----Original Message-----
From: Jim Kennedy [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 4:01 PM
To: 'Struts Users Mailing List'
Subject: RE: Trouble with SSL and struts using sslext
I've made no changes to my web.xml.
Should I define a user data constraint? I hesitated doing that because the
login page is not under security.
-----Original Message-----
From: Jim Barrows [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 3:53 PM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: RE: Trouble with SSL and struts using sslext
> -----Original Message-----
> From: Jim Kennedy [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 22, 2004 12:50 PM
> To: 'Struts Users Mailing List'
> Subject: Trouble with SSL and struts using sslext
>
>
> I can't seem to get any of my action to go under https. The config
> seems fairly simple but I must be missing something. I want some
> pages to be under SSL and others not to.
>
> Here is my config:
>
> Struts-config.xml (snippet only)
Where's the web.xml?
You specify it in there as well.... transport something this the tag iirc.
>
> <!-- ========== Action Mapping Definitions
> ==============================
> -->
> <action-mappings
> type="org.apache.struts.config.SecureActionConfig">
>
>
> <action path="/login"
>
> type="org.apache.struts.actions.ForwardAction"
>
> parameter="/tmpl_main.jsp?pageleft=/mainmenu.jsp&pagecente
> r=/login.jsp&a
> mp;pageright=/rightmenu.jsp&pagetitle=home.title.key" >
> <set-property property="secure" value="true"/>
> </action>
>
>
>
> Also....
>
> <!-- ========== Plug Ins Configuration
> ==================================
> -->
> <plug-in
> className="org.apache.struts.validator.ValidatorPlugIn">
> <set-property property="pathnames"
> value="/WEB-INF/validator-rules.xml,
>
> /WEB-INF/validation.xml"/>
> </plug-in>
>
> <plug-in className="org.apache.struts.action.SecurePlugIn">
> <set-property property="httpPort" value="8080"/>
> <set-property property="httpsPort" value="443"/>
> <set-property property="enable" value="true"/>
> <set-property property="addSession" value="true"/>
> </plug-in>
>
>
>
> I have placed the sslext.jar in the lib directory. Assuming I have
> the other necessary jars out there, what else is there left to do? I
> am using form based auth. I am not using any of the ssl tag lib
> extensions. Don't really won't to.
>
>
> Thanks
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
